SSL

Although an SSL certificate can cause certain user-facing errors, such as notifications from older browsers, certificate-authenticated SSL is considered mandatory by all security guidelines whenever a web site hosts confidential information or performs material transactions.

Wildcard Domains:

Unfortunately, there has never been a good RFC on how wildcard matching works, so the different implementations (mainly SChannel and NSS) differ slightly. However, here's the draft standard that will pin this down:

http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09#section-4.4.3

And here's Microsoft's take on it:

http://support.microsoft.com/kb/258858

Accepted wildcard examples

  • www.example.com matches www.example.com
  • *.example.com matches www.example.com
  • w*.example.com matches www.example.com
  • ww*.example.com matches www.example.com
  • Www.Example.com matches www.examPle.cOm

Nonaccepted wildcard examples

  • *www.example.com
  • *w.example.com
  • w*w.example.com
  • *ww.example.com does not match www.example.com
  • www.e*ample.com does not match www.example.com
  • www.*ample.com does not match www.example.com
  • www.ex*.com does not match www.example.com
  • www.*.com does not match www.example.com
  • example.com does not match *.com
  • *.com does not match www.example.com
  • www.example.abc.com does not match *.abc.com
  • example.com does not match *.*
  • example does not match *
  • abc.def.example.com does not match a*.d*.example.com
  • www.example.com.au does not match *.*.com.au
  • www.example.com.au does not match www.*.com.au

Basically, a wildcard may appear as the left-most label and it matches exactly one label. So *.example.com matches www.example.com, but not example.com (because that would mean matching zero labels).
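
The matching rules in the two lists above, written out as a checker. This is an added example, not code from the original page, SChannel or NSS; it follows the stricter reading of the lists (wildcard only at the end of the left-most label, at least two labels after it), and the function names and the rule that the wildcard stands for at least one character are assumptions.

```python
def wildcard_match(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().split(".")   # DNS names compare case-insensitively
    h_labels = hostname.lower().split(".")
    if "" in p_labels or "" in h_labels or "*" in hostname:
        return False                        # empty label or malformed hostname
    if "*" not in pattern:
        return p_labels == h_labels         # no wildcard: exact match only
    # One wildcard only, in the left-most label, as that label's last character.
    if pattern.count("*") != 1 or not p_labels[0].endswith("*"):
        return False
    # The lists above reject "*" and "*.com": require two labels after the wildcard.
    if len(p_labels) < 3:
        return False
    # The wildcard stays inside one label, so label counts and the rest must agree.
    if len(p_labels) != len(h_labels) or p_labels[1:] != h_labels[1:]:
        return False
    prefix = p_labels[0][:-1]
    # Assumption: the wildcard stands for at least one character.
    return h_labels[0].startswith(prefix) and len(h_labels[0]) > len(prefix)


# (pattern, hostname) pairs taken from the two lists above.
ACCEPTED = [
    ("www.example.com", "www.example.com"), ("*.example.com", "www.example.com"),
    ("w*.example.com", "www.example.com"), ("ww*.example.com", "www.example.com"),
    ("Www.Example.com", "www.examPle.cOm"),
]
REJECTED = [
    ("*ww.example.com", "www.example.com"), ("www.e*ample.com", "www.example.com"),
    ("www.*ample.com", "www.example.com"), ("www.ex*.com", "www.example.com"),
    ("www.*.com", "www.example.com"), ("*.com", "example.com"),
    ("*.com", "www.example.com"), ("*.abc.com", "www.example.abc.com"),
    ("*.*", "example.com"), ("*", "example"),
    ("a*.d*.example.com", "abc.def.example.com"),
    ("*.*.com.au", "www.example.com.au"), ("www.*.com.au", "www.example.com.au"),
]


def mismatches():
    """Return the pairs where wildcard_match disagrees with the lists above."""
    bad = [(p, h) for p, h in ACCEPTED if not wildcard_match(p, h)]
    bad += [(p, h) for p, h in REJECTED if wildcard_match(p, h)]
    return bad


if __name__ == "__main__":
    print(mismatches() or "all examples agree")
```

The two-label requirement is a label count, not a public-suffix check, so a pattern such as `*.com.au` still passes it.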